I am doing OAuth2 with Azure AD. I am able to authenticate a user and list all the groups for a domain by using this API reference:
https://msdn.microsoft.com/en-us/library/azure/ad/graph/api/api-catalog
I am having issues which I really need some help on:
1) When a user logs in, I am not able to identify the user's role. In Google only admin/delegate admin have permission to list groups, thus we are using this to identify admin. Unfortunately, for Azure AD a normal user can also list groups. I want to be able to see if the user role is User, User Admin, Password Admin etc.
2) I need a way to get the group (orgunit) which the user belongs to. I went through the API link (above) several times but was not able to find anything helpful. I did try to set up a local Active Directory where I set up the orgunit and synced it over to Azure AD. But I consistently see that department is null.